When an anonymous group calling itself Shadow Brokers put up for auction a collection of data it said it stole from the NSA, the group wrote that it would make the information public if it received the truly absurd “Dr. Evil” sum of one million bitcoins—at current exchange rates, about $576 million. So far, however, it’s achieved a more modest payday: $937.15.
Over twenty-four hours have passed since the Shadow Brokers publicized its auction of a collection of encrypted information it claimed to have obtained from hacking the Equation Group, an elite team of hackers linked last year to the NSA. Shadow Brokers offered the data, which it claims includes a “full state-sponsored toolset” of “cyberweapons,” to the highest bitcoin bidder, with the promise that if the total bids reached a million bitcoins, it would publish the entire dataset.
But buyers aren’t exactly clamoring to outbid one another for the secrets. So far, only one significant bid has been made, offering 1.5 bitcoins, or about $865 dollars, based on the publicly visible transactions in bitcoin’s accounting ledger known as the blockchain. The next highest bid for the cache is .04 bitcoins, or $23.
The lack of bids doesn’t come as much of a surprise, says Mikko Hypponen, chief research officer at the security firm F-Secure, given how bizarrely the terms of sale were defined. The Shadow Brokers expected bidders to pay in advance with the understanding that only the highest bidder would receive the decryption key to access the data, and all others would forfeit their bids. “This is one weird auction,” says Hypponen. “It was very shady to begin with.”
But the absurd auction system contrasts with the security community’s growing consensus that the stolen data is real, and may indeed have come from a counter-hack …